I have several remotes sites connected to "home" with Cisco 891 routers at each remote site.
"Home" actually consites of two different data center sites, each with a Cisco 3845 router terminating the IPSec tunnels there. One home site provides VOIP phone service, the 2nd home site provides PC Data.
Each 891 router has two IPSec over GRE tunnels configured, one tunnel goes to the VOIP home site's 3845 router, the 2nd tunnel goes to the DATA home site's 3945 router.
All of my pre-existing 891 routers are still running IOS 12.4(22)YB5, and are working fine.
My newest 891 router, purchased recently for a new remote site, shipped with IOS ver 15.0(1)M4, and when I have both tunnels configured similarly to the others, both tunnels come up and everything seems to work fine, but if I disable the VOIP tunnel with the "shutdown" command on the tunnel interface for VOIP, then the data tunnel will not come up at all, with full verbose crypto logging turned on, I never even see an attempt to bring the data tunnel up, and when I issue a "no shut" on the VOIP tunnel, both tunnels come right up.
This behavior is not seen on the original 891 routers still running 12.4. I can shutdown the VOIP tunnel and the DATA tunnel will come up, stay up just fine.
I really do not need the VOIP tunnel at this new remote site for the immediate future, but would like to keep the configs in place for the future, and also to keep all my 891s configured identically (different ip numbers of course) for consistancy's sake and easy of management.
Is this a known bug in IOS 15.x that if you issue a shutdown on one tunnel interface, it kills them all?
Do I need to install 12.4 on this 891? I'd rather keep the IOS on it that it shipped with.
I think I've decided just to roll back the IOS to 12.4 instead. That way I'll be truly consistant with IOS and configs across all my 891 remote site routers. 12.4 has been working perfectly well at the other locations. I really don't have time to fool around with debugging IOS problems unless Cisco wants to pay me my hourly consulting rate , I just need a known solution that works right now and 12.4 is it.
Hello All, We are using appliance SNS-3495 with 184.108.40.2060 version patch 15. As per the notification pop, Flash player support to end on December 2020 and we are unable to login to CIMC Console for a re-imaging activity. My query1. Can...
Which Cisco Secure products include access to SecureX?
Eventually, all will. At the current time, a license to any of the Cisco products listed here grants immediate rights to use the SecureX platform:https://www.cisco.com/c/en/us/product...
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
ISE Node Terminology
Policy Administration Node
Monitoring & Troubleshooting Node
Policy Services Node
Platform Exchange Grid Node
The single plane of glass for ISE administration and configuration operatio...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...